Alphabay Vendor ‘Courvoisier’ Pleaded Guilty to UK Hacking Charges

Grant West, a 25-year-old UK man, has pleaded guilty to stealing customer details from 17 major websites and reselling the information on the darknet. He admitted attacking Uber, T-Mobile, Groupon, Vitality, Coral Betting, AO.com, the British Cardiovascular Society, Mighty Deals Limited, Truly Experiences Ltd, Ladbrokes, Asda, Argos, Nectar, M R Porter, RS Feva Class Association 2017, Just Eat, and Sainsburys. Cybercrime investigators alleged that West used bruteforce to access website login forms and then sold the harvested credentials on the darknet as “fullz.”

At Southwark Crown Court, West pleaded guilty to conspiracy to defraud the online food and delivery service, Just Eat, between July and December 2015. Investigators accused West of stealing the credentials and user information of 165,000 Just Eat customers. After his arrest for the Just Eat attacks, West continued to attack websites and steal user data. He sold the “fullz” on the darknet under the username “Courvoisier.” Investigators accused the 25-year-old of selling marijuana on the darknet shop, as well as user credentials and “fullz.”

In 2016, during a raid on West’s house, police found the drugs he had been accused of selling on the darknet, along with roughly $33,000. He had earned that money, the court believes, through selling both marijuana and “fullz” online. “Fullz” is a slang term for “full credentials.” It often refers to, instead of simply a username and password, a much larger set of stolen information. This includes usernames, passwords, emails, DOBs, names, and sometimes Social Security Numbers or a country’s equivalent.

West, at Southwark Crown Court in early December, pleaded guilty to two counts of conspiracy to defraud and one computer hacking charge. He also pleaded guilty to four counts of the possession and the supply of marijuana, one count of money laundering (via Bitcoin), and two counts of possessing criminal property.

Courvoisier sold a significant number of stolen accounts on Alphabay market.

A spokesperson for Just Eat spoke to the press following completion of the hearing. “We were made aware of a phishing scam which took place in 2015 and at the time took steps to mitigate this, he said. “This particular attack affected both Just Eat customers and non-customers. At no point were Just Eat systems compromised or breached.” According to the spokesperson, Just Eat has a dedicated infosec team to protect user information. West allegedly caused $266,000 in damages to Just Eat, even though he did not manage to steal any financial information.

Judge Joanna Korner QC will sentence West at an unknown date in the future, but until then, West will remain in custody.

God damn, Courvoisier was a major fraud vendor on Evolution and AlphaBay. Can’t believe they busted him. Why was he selling drugs though while being a huge fraud vendor? If anything, this was what sealed his doom. He should’ve just stuck with what he was good at.

Can’t say I’ll miss him in any event, as he was a shady dude, especially when he was a mod on AlphaBay for a short time in early-2015 before getting removed after a bunch of incidents.